809976ffdcb35c89790aa56ceec1eb8a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

809976ffdcb35c89790aa56ceec1eb8a_JaffaCakes118
Size

100KB
MD5

809976ffdcb35c89790aa56ceec1eb8a
SHA1

19cca29bb60fd02b6f006f9b9eeec49d833ea062
SHA256

7d8cb97d869189381be997dce15b50bc102b8319a84faabe01f6641977af0d86
SHA512

23aa953c33e36cc394834c867456374b6f7ebc14d74411f0a4c417ade6201a5ce690260d9e436e19e176c153656745680eee37bb5ebeb0608938f2b25b073e4e
SSDEEP

3072:jykaC2Jj4DJoCYFeYnr/leAnm88l3RaU:jykX2JqoCYFeYnDpnQl3oU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
809976ffdcb35c89790aa56ceec1eb8a_JaffaCakes118

Files

809976ffdcb35c89790aa56ceec1eb8a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88c6898d875a63f939faaa3ee81a8174

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetModuleFileNameW
GetComputerNameW
InterlockedDecrement
GlobalAlloc
GetProcAddress
GetModuleHandleA
CreateFileW
GetSystemTimeAsFileTime
GetLastError
GetStartupInfoA
GetSystemWindowsDirectoryW
GetSystemDefaultLangID
WideCharToMultiByte
lstrcmpiW
IsBadReadPtr
LocalFree
InitializeCriticalSection
GlobalFree
RemoveDirectoryA
FileTimeToSystemTime
GetEnvironmentStringsW
DeleteCriticalSection
LocalReAlloc
GlobalLock
GetCurrentProcess
LoadLibraryW
OutputDebugStringA
FileTimeToLocalFileTime
OutputDebugStringW
lstrlenW
GetCPInfo
GetDateFormatW
SetUnhandledExceptionFilter
lstrcpyW
FormatMessageW
SetLastError
CloseHandle
QueryPerformanceCounter
GetTickCount
GlobalUnlock

user32

SystemParametersInfoW
SetDlgItemTextW
SendDlgItemMessageW
RegisterClipboardFormatW
GetDC
GetParent
MessageBoxW
SetWindowLongW
LoadImageW
GetDlgItem
EnableWindow
LoadIconW
LoadCursorW
wsprintfW
ReleaseDC
GetDlgItemTextA
GetWindowLongW
SendMessageW
DialogBoxParamW
WinHelpW
SetCursor
PostMessageW
EndDialog
InsertMenuItemW
LoadStringW
LoadBitmapW
SetWindowTextW
SetFocus

certcli

CAAddCACertificateType
CAFreeCertTypeExtensions
CAGetCAProperty
CAGetCertTypeExtensions
CAEnumNextCertType
CAFindCertTypeByName
CASetCertTypeKeySpec
CACertTypeSetSecurity
CAEnumCertTypesForCA
CAGetCertTypePropertyEx
CAUpdateCA
CAFreeCertTypeProperty
CASetCertTypeExtension
CACertTypeGetSecurity
CAGetCertTypeFlags
CACloseCertType
CASetCertTypeProperty
CAGetCertTypeKeySpec
CACloseCA
CAEnumCertTypes
CARemoveCACertificateType
CACreateCertType
CAGetCertTypeProperty
CASetCertTypeFlags
CAUpdateCertType
CAFreeCAProperty
CAFindByName

msvcrt

_onexit
malloc
??1type_info@@UAE@XZ
_initterm
wcsrchr
_wcsicmp
free
wcschr
wcsstr
_wcsupr
wcstoul
?terminate@@YAXXZ
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
__RTDynamicCast
wcscpy
wcslen
memmove
__dllonexit
wcscmp
wcscat
_adjust_fdiv
vswprintf
mbstowcs

advapi32

RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW

comctl32

PropertySheetW
CreatePropertySheetPageW

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c6898d875a63f939faaa3ee81a8174

Headers

File Characteristics

Imports

kernel32

user32

certcli

msvcrt

advapi32

comctl32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 120KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 120KB

.rsrc
Size: 23KB - Virtual size: 22KB